Microsoft Fixes 23 Vulnerabilities Including Critical IE Flaws
Microsoft released 8 updates for a variety of products fixing a total of 23 vulnerabilities, many of them critical flaws affecting Internet Explorer. Applying the most urgent patches quickly would be wise.
October 11, 2011
Microsoft issued its monthly security bulletins today, which include two updates rated “critical” that could allow remote code execution. The first, MS11-078, addresses a vulnerability in .NET Framework and Microsoft Silverlight. The second, MS11-081, is a cumulative security update for Internet Explorer. Six other updates were ranked “important.”
Microsoft also issued guidance for prioritization of patching, presented as a patch deployment priority chart.
MS11-078 resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. Left unfixed, Microsoft said, it could allow remote code execution on a client system if a user views a specially crafted web page using a browser running XAML Browser Applications (XBAPs) or Silverlight applications. The impact is smaller for users whose accounts are configured to have fewer user rights than for users who operate with administrative user rights, according to Microsoft. Remote code execution is also possible on a server system running IIS, "if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario," Microsoft reported. The vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
MS11-081 resolves eight privately reported critical Internet Explorer vulnerabilities, Microsoft reported. The most severe outcome is remote code execution if a user views a specially crafted web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user, according to Microsoft. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. All shipping versions of IE, including IE9, are affected by at least one critical vulnerability.
A privately reported vulnerability in the Active Accessibility component, MS11-075, has also been patched. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file, Microsoft said. The Microsoft Active Accessibility component could attempt to load the DLL file and execute any code it contained while opening the legitimate file, the firm said. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
MS11-076 is an "important" security update that resolves a publicly disclosed vulnerability in Windows Media Center. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. While opening the legitimate file, Windows Media Center could attempt to load the DLL file and execute any code it contained, according to Microsoft. A user must visit an untrusted remote file system location or WebDAV share and open a legitimate file for an attack to be successful.
MS11-075 and MS11-076 are examples of a vulnerability class called "remote binary planting," which has necessitated dozens of fixes by Microsoft and third-party application vendors in the last year.
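One way a defender might spot the loading pattern behind MS11-075 and MS11-076 in module-load telemetry: a locally installed program loading a DLL from the same remote directory as the file it was asked to open. This is an added example, not code from Microsoft or the original article; the record fields (`process`, `opened_file`, `module`), the helper names and all sample paths are constructed for illustration.

```python
import re

# UNC form \\host\share\...; the \\?\ and \\.\ device prefixes do not match.
UNC = re.compile(r"^\\\\(?P<host>[^\\?.][^\\]*)\\(?P<share>[^\\]+)\\")

def classify(path, mapped_drives=frozenset()):
    """Return 'webdav', 'unc', 'mapped' or 'local' for a Windows path."""
    m = UNC.match(path)
    if m:
        # The WebDAV redirector presents shares as \\host@SSL\... or \\host@port\...
        dav = "@" in m["host"] or m["share"].lower() == "davwwwroot"
        return "webdav" if dav else "unc"
    if path[1:3] == ":\\" and path[0].upper() in mapped_drives:
        return "mapped"
    return "local"

def parent(path):
    return path.rsplit("\\", 1)[0].lower()  # directory part, lower-cased

def find_planted_loads(events, mapped_drives=frozenset()):
    """Flag DLLs loaded from the same remote directory as the file being opened."""
    hits = []
    for ev in events:
        origin = classify(ev["module"], mapped_drives)
        if origin == "local" or not ev["module"].lower().endswith(".dll"):
            continue
        if classify(ev["process"], mapped_drives) != "local":
            continue  # program installed on the share loads its own DLLs from there
        if parent(ev["module"]) == parent(ev["opened_file"]):
            hits.append((ev["process"], ev["module"], origin))
    return hits

# Constructed sample records; field names and paths are assumptions for this example.
VIEWER = r"C:\Program Files\Viewer\viewer.exe"
SAMPLE_EVENTS = [
    {"process": VIEWER, "opened_file": r"\\fileserver\media\clip.wtv",
     "module": r"\\fileserver\media\example.dll"},
    {"process": VIEWER, "opened_file": r"\\dav.example.test@SSL\DavWWWRoot\docs\report.doc",
     "module": r"\\dav.example.test@SSL\DavWWWRoot\docs\helper.dll"},
    {"process": VIEWER, "opened_file": r"Z:\shared\notes.txt",
     "module": r"C:\Windows\System32\oleacc.dll"},
    {"process": VIEWER, "opened_file": r"Z:\shared\notes.txt", "module": r"Z:\shared\plugin.dll"},
    {"process": r"\\fileserver\apps\tool.exe", "opened_file": r"\\fileserver\apps\data.bin",
     "module": r"\\fileserver\apps\tool.dll"},
]

if __name__ == "__main__":
    for hit in find_planted_loads(SAMPLE_EVENTS, mapped_drives={"Z"}):
        print(hit)
```

Mapped drive letters are indistinguishable from local disks by path alone, so the caller has to supply the set of letters that point at network shares.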
An "important" security update, MS11-077, resolves four privately reported vulnerabilities in Windows, Microsoft reported. The most severe of these could allow remote code execution if a user opens a specially crafted font file (such as a .fon file) in a network share, a UNC or WebDAV location, or an e-mail attachment, Microsoft reported. For a remote attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open the specially crafted font file, or open the file as an e-mail attachment.
MS11-079 is a security update for five privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow remote code execution if a user visits an affected Web site using a specially crafted URL, Microsoft reported. However, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site, the firm said.
MS11-080 is a security update resolving a privately reported vulnerability in the Windows Ancillary Function Driver (AFD). If an attacker logs on to a user's system and runs a specially crafted application, the vulnerability could allow elevation of privilege. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability, Microsoft said.
The final security update is for MS11-082, which resolves two publicly disclosed vulnerabilities in Host Integration Server. The vulnerabilities could allow denial of service if a remote attacker sends specially crafted network packets to a Host Integration Server listening on UDP port 1478 or TCP ports 1477 and 1478, Microsoft said. It recommended firewall best practices and standard default firewall configurations as a way to help protect networks from attacks that originate outside the enterprise perimeter. Another recommendation is that systems connected to the Internet have only a minimal number of ports exposed. In this case, the Host Integration Server ports should be blocked from the Internet, Microsoft advised.